aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGravatar Peter Korsgaard <peter@korsgaard.com>2020-11-16 13:25:21 +0100
committerGravatar Peter Korsgaard <peter@korsgaard.com>2020-11-16 13:28:14 +0100
commitc57a3463cdbde554cd109036667a5756b7684eaa (patch)
treec9b7c0d09b06acb9a375976e34361897897a4efb
parent5110efaa330f029880a238ccefacfb11ea36947e (diff)
downloadbuildroot-c57a3463cdbde554cd109036667a5756b7684eaa.tar.gz
buildroot-c57a3463cdbde554cd109036667a5756b7684eaa.tar.bz2
package/tor: security bump to version 0.4.3.7
Fixes the following security issue: - TROVE-2020-005: When completing a channel, relays now check more thoroughly to make sure that it matches any pending circuits before attaching those circuits. Previously, address correctness and Ed25519 identities were not checked in this case, but only when extending circuits on an existing channel For more details, see the release notes: https://blog.torproject.org/node/1952 Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-rw-r--r--package/tor/tor.hash2
-rw-r--r--package/tor/tor.mk2
2 files changed, 2 insertions, 2 deletions
diff --git a/package/tor/tor.hash b/package/tor/tor.hash
index 47c2dd49b4..1f564c113a 100644
--- a/package/tor/tor.hash
+++ b/package/tor/tor.hash
@@ -1,3 +1,3 @@
# Locally computed
-sha256 6a2d0637d4e514be2ec574723a05065245cce51da78a21cec1dc831be5ccac62 tor-0.4.3.6.tar.gz
+sha256 b20f0b55a7058a952b167fcd2ed75b1a380ade95efce9a509f570c4636c2117a tor-0.4.3.7.tar.gz
sha256 ae2afe6cd3fd9d512afbaa1ef218757eb00aa6b6aa5e2dfc2774b6837e373fa1 LICENSE
diff --git a/package/tor/tor.mk b/package/tor/tor.mk
index 050114ccac..23320b895e 100644
--- a/package/tor/tor.mk
+++ b/package/tor/tor.mk
@@ -4,7 +4,7 @@
#
################################################################################
-TOR_VERSION = 0.4.3.6
+TOR_VERSION = 0.4.3.7
TOR_SITE = https://dist.torproject.org
TOR_LICENSE = BSD-3-Clause
TOR_LICENSE_FILES = LICENSE